tests: PMKSA cache entry timeout based on Session-Timeout

This verifies that hostapd uses Session-Timeout value from Access-Accept
as the lifetime for the PMKSA cache entries and expires entries both
while the station is disconnected and during an association.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/tests/hwsim/auth_serv/eap_user.conf b/tests/hwsim/auth_serv/eap_user.conf
index 2bbfae83d705f8f82208cc39d4a309b1a5537f27..0dce2fa5153e62e4d4d5aa8da5328996caf6e6f3 100644 (file)
--- a/tests/hwsim/auth_serv/eap_user.conf
+++ b/tests/hwsim/auth_serv/eap_user.conf
@@ -27,6 +27,9 @@ radius_accept_attr=25:x:00112233445566778899
 radius_accept_attr=89:s:gpsk-chargeable-user-identity
 radius_accept_attr=25:x:00112233445566778899aa
 
+"gpsk-user-session-timeout"    GPSK    "abcdefghijklmnop0123456789abcdef"
+radius_accept_attr=27:d:3
+
 "020000000000" MACACL  "020000000000"
 
 "0232010000000000@ttls"        TTLS,AKA

diff --git a/tests/hwsim/test_pmksa_cache.py b/tests/hwsim/test_pmksa_cache.py
index 9ef291d4310679461dd099dec6224a623fc06f4a..95491d0b11d25887c0cc4da5b45fe447ecfb817a 100644 (file)
--- a/tests/hwsim/test_pmksa_cache.py
+++ b/tests/hwsim/test_pmksa_cache.py
@@ -427,3 +427,33 @@ def test_pmksa_cache_disabled(dev, apdev):
     ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=20)
     if ev is None:
         raise Exception("Roaming with the AP timed out")
+
+def test_pmksa_cache_ap_expiration(dev, apdev):
+    """PMKSA cache entry expiring on AP"""
+    params = hostapd.wpa2_eap_params(ssid="test-pmksa-cache")
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    bssid = apdev[0]['bssid']
+    dev[0].connect("test-pmksa-cache", proto="RSN", key_mgmt="WPA-EAP",
+                   eap="GPSK", identity="gpsk-user-session-timeout",
+                   password="abcdefghijklmnop0123456789abcdef",
+                   scan_freq="2412")
+    dev[0].request("DISCONNECT")
+    time.sleep(5)
+    dev[0].dump_monitor()
+    dev[0].request("RECONNECT")
+    ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
+                            "CTRL-EVENT-CONNECTED"], timeout=20)
+    if ev is None:
+        raise Exception("Roaming with the AP timed out")
+    if "CTRL-EVENT-CONNECTED" in ev:
+        raise Exception("EAP exchange missing")
+    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=20)
+    if ev is None:
+        raise Exception("Reassociation with the AP timed out")
+    dev[0].dump_monitor()
+    ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=20)
+    if ev is None:
+        raise Exception("Disconnection event timed out")
+    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=20)
+    if ev is None:
+        raise Exception("Reassociation with the AP timed out")